SSL and how to change your website from http to https

This post may contain text and image affiliate links and receive a small commission for purchases.

Have you heard that Google is going to start favoring websites that have SSL encryption? Do you know if you have it on your website? Do you have a little padlock before your website URL in your browser? Does your URL start with httpS? (Emphasis on the s!) If not, keep reading for a tutorial to easily move your WordPress website from HTTP to HTTPS and preserve SEO. And make Google happy!

Why you need SSL, regardless of the type of website you have

It used to be that you only needed SSL if your website collected information, like payment information and passwords. But now Google has decided to favor websites that have it regardless of whether or not they collect information.

Still not sure you need the green lock icon on your website or why?

Let Google Chrome Developers explain why HTTPS is not only baseline security on the web, but also benefits site business by unlocking powerful capabilities. The first 10 minutes explain what https is, and the benefits. Then if you jump ahead to minute 32:30, she explains Google Chrome’s strategy to inform users on the risks of non-secure http, and the plan they are starting to roll out for favoring https sites.

What enabling SSL on your website means

To enable SSL on your website for all access, you’re going to have to move your website from “http://yourwebsite.com” to “https://yourwebsite.com.” And you’re going to have to make sure everything is redirected properly.

What a hassle! But if you’ve been affected by some of the big security breaches, like the Equifax security breach, you’ve got to be on board with improving security on the web!

Moving from http to https. Is it hard?

The problem is that the tech gurus running hosting sites and giving WordPress advice don’t realize how clueless most of us are. On top of that, most professional website developers moved their sites to https long ago. Moving to https is now easier.

The upside to procrastinating? It’s now easier, with more free options! The downside? The best tutorials were written when moving from http to https was more complicated. By tech gurus.

And did I mention they don’t speak the same language as the rest of us mortals?

I’ve put together a tutorial for moving your WordPress website for http to https by combining information from the BEST tutorials with the MOST TECHNICAL and complete tutorials. If you want to read more about SSL, and see the 19 tutorials and other informational posts I used to construct this tutorial, see the resources section below.

How to move your WordPress website from http to https

how to figure out if your web host provides a free SSL Certificate (and what that is)

how to redirect your traffic from http:// to https:// with a plugin (and why to use a plugin)

what to do after you redirect your traffic so your search rankings won’t be affected

reminders to change your links on social media

additional resources, including the 19 articles and tutorials I read to prepare this step-by-step tutorial

Before you move your WordPress Site to https://

Make sure you have your login information, your username and password, recorded. Because your login url is going to change. This means all your normally saved data to your browser might not automatically enter itself. (Because if you’re like me and broke your wrist two years ago, 2 surgeries and one cast later you may have, um, somehow misplaced your passwaords. Ack! I followed these directions to reset my password: WordPress.org Resetting your password WordPress will generate a new one for you. Be sure you record it somewhere before you click Update Profile!)

Move your WordPress website from http to https – does your website have an SSL Certificate?

You need an SSL certificate from a Certificate Authority. See if your host provides it for free. (Not sure what a website host is? Read Domains and Host Part 1.)

Most hosts seem to provide SSL Certificates through Let’s Encrypt. Let’s Encrypt is a Certificate Authority. There is more than one type of Certificate. This type of Certificate should be good for most types of webpages that you are likely to have if you are doing website upkeep yourself.

How to find out if your host provides a certificate from a Certificate Authority.

Check you host’s web page, or contact support to see if they provide a certificate from a Certificate authority. I called my host provider support, A2 Hosting (affiliate link]), and found out the answer in minutes!

If a SSL certificate is installed, you will be able to view a secure version of your site by going to https://”yoursite.com” Go ahead and try it and see if anything comes up. If it does, then you have a certificate. (Note: If you do this while you’re logged in to admin, it seems to get confused. So go ahead and go back to your http:// site after you check this.)

If your host doesn’t provide SSL.

Let’s Encrypt is free, so you can add it yourself. Unfortunately, doing this adds another step. Let’s Encrypt has information on their website, which for once reads like it was written by someone who understands that there are some of us that need some really basic help. You can get started at Let’s Encrypt: Getting Started

If your host doesn’t provide it for free, it might be time to look for another hosting option. I use A2 Hosting [affiliate link] and they do!

More About Let’s Encrypt and free SSL Certificates

Let’s Encrypt is a free, automated, and open certificate authority by the non-profit Internet Security Research Group (ISRG). I think it is wonderful how software engineers foster sharing and volunteer help all over the web. My husband and son are software engineers, and the number of free resources for code and support they use and contribute to are amazing!

Let’s Encrypt provides free of charge certificates to anyone who owns a URL, in any country, simply to make internet security available to everyone – for the benefit of EVERYONE ON THE WEB.

Redirecting your WordPress website traffic from http to https

Now that you have certificate, you want all traffic to only be able to access your website through this secure connection. AND you need all the old links around the web to still be able to find your pages.

You could do this manually with 301 redirects. (Oh dear. Yuck!)

Or you can use Apache rewrite rules in a custom .htaccess file. (Um no. Not unless I absolutely have to and have a software engineer watch me do it.)

This plugin does the changes dynamically. It does not change any database files. Translation: You’re going to have to leave this plugin installed.

I looked for another option. But unless you’re a super coder, it looks like this is the best way. Even some of the ways I found that involved changing code directly said if there are complications the best way to fix them is by using using the Really Simple SSL plugin. So why not start there?

If you run into any issues, or maybe you had a website developer in the past and have a complicated website, there is also a paid version of Really Simple SSL that can help you find errors.

In short, the way that is most likely to be successful redirecting your WordPress blog from http to https – even if you know what you’re doing – is to use the Really Simple SSL plugin.

Install and activate the Really Simple Plugin to direct your traffic to https

From your WordPress dashboard choose Plugins>Add New and search for “Really Simple SSL”

Click “Activate.”

It takes you to a page where give you some information to keep in mind if you run into problems. Here is what you see:

Almost ready to migreate to SSL!

Some things can’t be done automatically. Before you migrate, please check for:

Http references in your .css and .js files: change any http:// into //

Images, stylesheets or scripts from a domain without an ssl certificate: remove them or move to your own server.

You can also let the automatic scan of the pro version handle this for you, and get premium support, increased security with HSTS and more! Check out Really Simple SSL Premium

If you have maintained your website yourself, and not touched the code directly, this probably won’t apply to you. I didn’t have any problems and the tutorials I read breezed right past this consideration. So, let’s keep going.

> Go ahead, activate SSL. When you do this, it’s going to kick you out of your WordPress admin.

It might take a few seconds to kick you out. If it doesn’t, reload the page and it will kick you out.

Tell Bing about the move from http to https

Enter the full sitemap (not just the end) that you found in SEO Yoast for Google.

Reconnect to Google analytics after moving from http to https

The Google analytics console is going to change soon, but hopefully you can still find these steps.

> Gear icon in the lower left hand corner for Settings

You will get three columns. The middle column is property. Make sure you are on the property you want to change. (I have three webpages, so I do this by changing the account in the first Account column.)

> Property settings

Flip the default URL to the https:// version

> Save

Also under Property settings, scroll down to Search Console. > Adjust Search Console

(You may have to scroll back up.) Under Search Console Settings, Search Console Site, > Edit

It will bring up a new window in Webmaster tools.

If you are already connected you may have to delete that connection before going back to add another one.

Choose your new https site. > Save, > OK

It will take you to Webmaster Tools when you do this successfully.

Tell Social Media sites about the move from http to https

Now you want to change your links on some other accounts. Especially Youtube, apparently. Other accounts you may need to change: Pinterest (for help, see resource below), Twitter, Instagram, Facebook, and Snapchat.

Tell Affiliates about your move to HTTPS

You may need to tell your affiliates about your move to https

How to change your website on Amazon Affiliates

Go to your account name/email address on the top right, from the dropdown menu choose >Account Settings

Mine show up with no http ot https, so they seem fine. But check yours!

Congratulations! You have now moved your website from http to https!

That’s finally it! You have now moved your website from http to https! At least it worked for me. I will admit I was relieved to wake up the next morning and find my websites still working. It took a couple of days for Google to crawl my sites. But I did that several weeks ago and my traffic and search traffic have been unaffected.

Next website security step, what version of PHP is on your website?

Update: 10/10/2017

Check redirect links

One last thing. I have three domains, and a few years ago I changed my main URL from ESIvy.com to this site, MomBehindtheCurtain.com, leaving only author related posts on ESIvy.com. To redirect existing links on the web, like on Pinterest, to the general posts I published first there, I used the plugin Quick Page/Post Redirect Plugin. Because of the change to https://, some of my redirects quit working.

I’m not sure why this happened, because in theory it should have just redirected twice. But my software engineer has taught me that sometimes when you have complicated software, the reasons things happened can be buried deeper in the code than you can figure out. It was easy to go in and just add some new redirects, but you have to know to do it!

So if you have any redirects to or from the sites you move to https, check your redirect links after moving your website from http to https!

Resources for SSL and moving your website from http to https

How to backup your WordPress website and other basic website tutorials referenced in this tutorial

Affiliate Disclaimer

Please note that some of the links on this site are referral links, to places like Amazon and Target, which means I may get a small commission if you make a purchase after clicking on them. You pay exactly the same price as you would if you made the purchase directly. I only link to products and services I personally recommend and also it allows me to show you images relevant to posts. Thank you for your support in this way!

Here's the specific wording Amazon tells me to use on my site: mombehindthecurtain.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to amazon.com.